Two-factor authentication is becoming more commonplace: the social media company LinkedIn has joined the group of companies that offer the extra security measure.
Since the beginning of June, those who use the business networking platform have been able to turn on two-factor authentication (referred to by LinkedIn as “two-step verification”) in their settings.
With LinkedIn becoming more popular throughout the manufacturing automation industry, it remains vital that users don’t let attackers in through this form of social media.
As with Facebook and other services, both a password and a security code sent to the user’s registered mobile by SMS text message will be required when someone tries to log in from a previously unregistered device or from a web browser they haven’t used before. While in the settings, it is also a good idea to enable HTTPS-encrypted connections via Settings/Account/Manage security settings because, by default, LinkedIn continues to serve its web pages unencrypted, in plain text.
In summer 2012, LinkedIn dealt with a million-dollar class action lawsuit brought by a user after a password leak affected the network. In the class action complaint, the plaintiff accused LinkedIn of creating “significant risks to the integrity of users’ sensitive data” by using the “outdated” SHA1 hashing algorithm from 1995 to protect its users’ data.
In addition, the social network did not salt the passwords before hashing them. Another point in the complaint concerned the platform’s information policy: LinkedIn only admitted that a leak had occurred after third-party observers publicly announced the password theft. The lawsuit was dismissed in March.
SHA1 is no longer an up-to-date password-hashing method. A more contemporary technique is Password-Based Key Derivation Function 2 (PBKDF2), which, according to current information, allows passwords to be stored in an almost uncrackable way.
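The two storage schemes compared above, side by side, as an added example that is not part of the original article and not LinkedIn's code. The HMAC-SHA256 variant of PBKDF2, the 600,000-iteration count, the 16-byte salt and the "iterations$salt$hash" record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example (not taken from the article).
PBKDF2_HASH = "sha256"
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_sha1(password: str) -> str:
    """The criticised scheme: a single fast SHA-1 pass with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'iterations$salt_hex$hash_hex'; a random salt is drawn if none is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(PBKDF2_HASH, password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        iterations_s, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            PBKDF2_HASH, password.encode("utf-8"), salt, int(iterations_s))
    except (ValueError, OverflowError):
        return False  # malformed or tampered record
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Same password, no salt: every user gets the same stored hash.
    print(unsalted_sha1(pw) == unsalted_sha1(pw))
    # Same password, per-user salt: the stored records differ, yet both verify.
    a, b = pbkdf2_record(pw), pbkdf2_record(pw)
    print(a != b, pbkdf2_verify(pw, a), pbkdf2_verify("wrong guess", b))
```

Because the iteration count is stored in each record, it can be raised later for new and re-hashed passwords without invalidating existing ones.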